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The need to 

expand 
open-source 

licensing 

In his seminal 1997 essay on 
the nature of open source, 
entitled "The Cathedral and 
the Bazaar," Eric Raymond de- 
scribed the Linux community 
as a "great bab- 
bling bazaar of 
differing agen- 
das." In the late 
1990s and early 
years of this 
decade, it 

would be fair to 
say the same characterization 
could be made of the open- 
source licensing scene. 

During that era, open- 
source software (OSS) was hip 
and many companies wanted 
to ride the train. The problem 
was that each company had 
its own ideas about what terms 
to require of users, and so 
there came about a prolifera- 
tion of open-source licenses. 
Many of the licenses duplicat- 
ed nearly exactly the terms 
in other licenses, and it 
became extremely difficult to 
tell whether two licenses actu- 
ally had the same require- 
ments or not. 

It was clear that as long as 

this bazaar was allowed to 

function, the OSS movement 

was not likely to find a warm 

continued on page 30 ► 



Cloud focus of Microsoft 
interoperability efforts 



BY DAVID WORTHINGTON 

Microsoft receives feedback 
through many channels, but it 
chose to place itself in the hot 
seat in May at a closed-door 
meeting of its Interoperability 
Customer Executive Council 
(ICEC). The feedback that it 
received helped Microsoft form 
a more pragmatic approach to 
interoperability that focused on 
customer scenarios, two execu- 
tives said, but critics maintain 
that Microsoft is not entirely sin- 
cere in its efforts. 

Discussions at the ICEC 
event were "robust" and helped 



Microsoft understand what its 
customers really need, said Craig 
Shank, general manager of the 
interoperability group at Micro- 
soft. As a consequence of that 
meeting, the company started 
various work streams, including 
meetings between its product 
architects and those customers, 
he added. 

However, the company 
refused to discuss exactly what 
specific comments and sugges- 
tions were made. The event 
included 31 partner CIOs, who 
were "frank" with Microsoft in 
their comments, Shank said. 



The ICEC work will focus on 
delivering interoperability in 
cloud computing, development 
environments, identity, Microsoft 
products and systems manage- 
ment, said Jean Paoli, general 
manager of interoperability strate- 
gy at Microsoft. It will follow a 
structured approach that Micro- 
soft uses internally. 

There are four main areas to 
Microsoft's structured approach 
to interoperability: products and 
standards implementations, col- 
laboration, developer resources, 
and participation in formal stan- 
dards bodies, Shank said. 




Microsoft is taking a structured 
approach to interop, Paoli says. 

"A standard is a stack of paper 
until you start coding," he said. 
"The nature of coding is that you 
need to know what you are cod- 
ing against — that's where devel- 
oper resources come into play." 

Microsoft is identifying how it 
continued on page 20 ► 



Hadoop super-sizes data cluster platform 

this Apache project have a big impact in the clouds? 




The open-source project gets its 
name from a child's stuffed animal. 



BY ALEX HANDY 

It's named after a stuffed ele- 
phant, but the Apache Hadoop 
project is no toy. It's designed to 
handle the largest datasets in the 
world, as well as perform the dou- 
ble duty of both cluster manage- 
ment and distributed file system. 
Developers in enterprises around 
the world have been building 
such systems from scratch since 
the dawn of grid computing, and 
with Hadoop approaching version 
1.0, an alternative is at hand. 

That's not to say that Hadoop is 
without warts. For the past three 
years of formal development, the 
project has consistently broken 



backward compatibility, and many 
users have cited security as an 
ongoing concern. But Hadoop 
creator Doug Cutting, also an 
employee of Yahoo, says that both 
of these issues should see solu- 
tions in the next two releases. 

Mike Fitzgerald, COO of 
Adknowledge, said that his com- 
pany has been using Hadoop for 
almost a year now. His team runs 
Hadoop in Amazon's EC2 cloud, 
but it uses its own implementa- 
tion rather than Amazon's official 
Hadoop services. 

Adknowledge uses its Hadoop 
cluster to sift through customer 
data to determine which ads are 



best suited to which customers. 
He said that, on average, his 
team's Hadoop cluster sifts 
through approximately 40 ter- 
abytes of data at a time in a 
batch job. 

Fitzgerald said that developing 
applications to run on Hadoop 
requires the understanding of 
some new concepts. "You need to 
understand the concepts of 
map/reduce, and distributed 
computing," he said. 

"We use Java and have found it 
relatively easy to write Java code 
that leverages the Hadoop frame- 
work. The most important thing 
continued on page 20 ► 
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Smarter technology for a Smarter Planet: 

Can the boundaries of a 
business be defined by its 
people instead of its walls? 

Businesses like nice solid walls, both the physical and the fire variety. 
But on a smaller, flatter, smarter planet, we increasingly find ourselves 
working with people far outside those walls: partners, suppliers, 
customers and remote employees. Instead of protecting, those nice 
solid walls stand in the way of how people want to work. 

IBM is incorporating new tools like social software, wikis, blogs and 
presence awareness throughout its entire collaboration portfolio to help 
people in companies reach beyond their walls. The next challenge is to 
give people the tools they need anytime and anywhere they need them, 
not when their tech department has time to set them up. 

That's why IBM is offering a new way of accessing its collaboration and 
social networking tools: through the cloud. To the individual, cloud-based 
tools like LotusLive™ let people work securely with whomever they want 
to, regardless of what side of the firewall they find themselves on. To the 
organization, these collaboration tools enhance the productivity of its 
employees without the cost and complexity of building and managing 
any additional infrastructure, giving them a seamless extension of their 
capabilities. And it's all backed by the legendary security that companies 
expect from IBM. So organizations don't have to tear down their walls 
to reach beyond them. 

A smarter business needs smarter software, systems and services. 
Let's build a smarter planet, ibm.com/collaborate 
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Seeking compliance in the cloud 

Building apps on external platforms requires special considerations 



BY DAVID WORTHINGTON 

Cloud computing can make it 
easier for developers to meet 
an organization's compliance 
requirements, but it can also 
introduce new risks and run 
afoul of regulations that govern 
data, a panel of experts told 
SD Times. 

They recommended that an 
organization document what 
processes cloud providers have 
in place to secure application 
data and safeguard privacy; 
communicate its requirements 
for applications to providers; 
understand how regulation 
affects development in external 
clouds; and know what liabili- 
ties apply if something goes 
wrong when it is no longer the 
primary custodian of data. 

Surprisingly, cloud providers 
can offer greater control and visi- 
bility of IT assets than on-premis- 
es systems, said Cass Brewer, 
founder of Truth to Power, an 
online information governance 
research community. 

In the cloud, every action is 
an invocation of a service and 
can therefore be monitored, 
logged or even rolled back, 
explained Peter Coffee, direc- 
tor of platform research for 
Salesforce.com. "It provides a 
big step in the right direction 
towards achieving compli- 
ance... It's auditable, instead of 
being a scavenger hunt through 



incredibly heterogeneous IT 
environments, which most 
organizations are using today." 

Important business process- 
es exist in traditional enterprise 
IT, which are not governed at 
all, he added. For instance, 
employees might exchange data 
by attaching spreadsheets to e- 
mails. In that instance, achiev- 
ing compliance is difficult 
because there are "an amazing 
number of places" where that 
data can go, as well as poor 
specification and auditability of 
what actions where performed 
by whom, he explained. 

"You can't even dream of 
getting a snapshot of a compli- 
ance inventory in the tradition- 
al IT model," Coffee said. "You 
don't end up with residual state 
on network edge devices in 
cloud. That is worth an enor- 
mous amount," he added. 

However, the lauded bene- 
fits of cloud computing might 
be out of reach for organiza- 
tions that operate in highly reg- 
ulated industries. 

APPROACHING THE CLOUD 

Companies should do legwork 
before they approach the cloud 
to understand their own com- 
pliance requirements and how 
they may conflict with what the 
provider offers, said Chenxi 
Wang, a principal analyst at 
Forrester Research. 




The cloud vendor isn't responsible for your compliance, says Brewer. 



Secondly, they should pro- 
duce a feasibility study based 
on their compliance require- 
ments to see if they impede 
moving IT to the cloud or not, 
she said. "They need to com- 
municate requirements clearly 
to vendors and know what they 
are asking for. 

"A vendor won't do compli- 
ance for you, and you are ulti- 
mately responsible to work with 
the vendor to make sure that 
the outsourcing relationship 
does not violate a compliance 



requirement," she added. 

A lot of that risk of falling out 
of compliance is dependent 
upon what type of cloud an 
organization adopts, whether it 
is under private control or pub- 
lic, or a hybrid of the two, said 
Marne Gordan, governance, risk 
and compliance market manag- 
er for IBM Tivoli. "An organiza- 
tion is responsible for that data 
no matter where it is resident." 

Private clouds remain 
behind the firewall and are gov- 
erned by the organization. 



SCO line may find new life with unXis 

Sale of Unix, mobile businesses could help in bankruptcy case 



BY JEFF FEINMAN 

The SCO Group has found a 
group of investors to purchase 
its Unix and mobile business, 
which may be a key step in get- 
ting the company out of bank- 
ruptcy and away from potential 
liquidation. 

SCO signed a definite 
agreement in June with unXis 
(pronounced you-NEX-is), an 
investment group led by pri- 
vate equity firm Gulf Capital 
Partners, to sell off its Unix 
wing and other parts of the 
business to the new entity. 

SCO executives said they 
hope this helps the company 
avoid liquidation, as the U.S. 
Department of Justice made a 
motion in early May to convert 



SCO's Chapter 11 bankruptcy 
protection to Chapter 7. 

As part of the deal, SCO 
would retain its claim to the 
Unix rights that are currently 
being disputed in court, 
although its Unix business 
would go to unXis. That com- 
pany would also take in SCO's 
mobile application business, 
including all Mobile Server 
technology. 

Jeff Hunsaker, president 
and COO of SCO, said all 
employees would move to 
unXis. CEO Darl McBride 
would remain with SCO and 
continue on with all outstand- 
ing litigation. 

SCO has several court cases 
pending. Most recently, a 



November 2008 federal court 
ruling declared that Novell 
had retained the copyright to 
Unix. SCO's other cases, 
against IBM and Red Hat, 
have been stayed until SCO 
emerges from bankruptcy. 

SCO said that upon approval 
of the court, unXis will be fully 
protected against future court 
decisions. 

"This new group has no 
interest in the litigation, and it 
will be firewalled, if you will, 
from SCO," Hunsaker said. "So 
the new company will invest in 
new technologies, and we'll 
upgrade and enhance our Unix 
product lines." 

Hunsaker stated that SCO 
and the investors behind unXis 



have been in talks for "over a 
year now," as SCO has gone 
through Chapter 11 proceed- 
ings. The other group involved 
in unXis besides Gulf Capital 
Partners is London-based 
investment firm Merchant- 
Bridge Group. 

When asked if current eco- 
nomic conditions might make 
this acquisition difficult, Hun- 
saker said he didn't expect 
there to be any funding issues. 

"I think these investors real- 
ize that there's a little bit of a 
gold mine with this company," 
he said. 

The U.S. Bankruptcy Court 
has set a July 27 hearing date to 
review the agreement and 
motions. I 



Even external clouds differ. 
They could be Infrastructure as 
a Service like Amazon, or fully 
realized services like Salesforce 
or other packaged offerings, 
said Truth to Power's Brewer. 
"How companies approach 
[internal] control, compliance 
and risk is incumbent on [the] 
nature and configuration of 
what it is." 

Once application data is in 
the cloud, it can reside across 
multiple data centers in many 
locations. Applications may 
work as seamlessly as ever, but 
laws that govern data are far 
from being uniform. 

An organization should 
involve its compliance officer, 
general council or outside rep- 
resentation to determine laws 
and regulations from local, 
municipal and global govern- 
ments before it decides to use a 
public cloud, Gordan said. 

Just dealing with EU mem- 
ber states is complicated, she 
said. "Some laws are so differ- 
ent that some things you are 
required to disclose in one 
country are forbidden in anoth- 
er, and you cannot export data 
in others," she said. "Where is 
the border in the cloud?" 

KNOW THE TERMS 

Regulated organizations need to 
secure data and are responsible 
for it no matter where it resides, 
Gordan said. Cloud data centers 
may have excellent physical 
security, but cloud computing 
can "blur the line" between who 
is a trusted "insider" for han- 
dling data, and who is outside of 
the organization, she added. 

"In terms to access, where 
do they sit in an organization?" 
said asked. "Cloud administra- 
tors have root access. . .Are they 
trusted insiders in your organi- 
zation? How do you account for 
those individuals?" 

The primary custodian of 
protected information within 
an organization should be 
responsible for understanding a 
cloud provider's security pro- 
tections, Gordan said. "You can 
partner and outsource under 
the U.S. HIPAA [Health Insur- 
ance Portability and Account- 
ability Act], but you cannot out- 
source responsibility." 

Additionally, an investment 

in the cloud may receive more 

continued on page 18 ► 
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, COMPANIES , 



Debugger provider TotalView Technologies has partnered with IBM 
to market the TotalView debugger on IBM's Blue Gene/P supercom- 
puter. An IBM executive said this will offer Blue Gene/P users a great 
option because of its ability to debug complex applications. 



NEW PRODUCTS 



ComponentOne has released software that reduces the size of 
Silverlight XAP files. XAP, pronounced "zap," is the file extension 
for a Silverlight-based application package. ComponentOne exec- 
utives said XapOptimizer can reduce a Silverlight application up 
to 70% by removing unused classes and XAML resources. This 
can guicken the download time of other network resources. 



UPDATES 



Enterprise software maker Bluenog has released a new version of 
its open-source application development platform. Bluenog ICE 
4.5 has an Enterprise Wiki feature based on the JSPWiki open- 
source project that allows users to share content . . . Information 
security company Aladdin Knowledge Systems has released a new 
version of its software protection and licensing software. HASP 
SRM 4.0 allows for hardware- and software-based protection, 
license creation, management, and enforcement. According to 
Aladdin executives, the new version lets developers do software 
licensing in three new languages: Chinese, Italian and Japanese 
. . . Timesys has released LinuxLink 3.0, the latest version of its 
software development framework for Linux. LinuxLink now has 
integration with the Virtex-6 FPGA (field programmable gate array) 
silicon foundation product line from digital programmable logic 
device company Xilinx. The combination of the LinuxLink frame- 
work and Xilinx bring smoother hardware/software integration, 
according to Timesys executives . . . Business intelligence compa- 
ny Panorama Software has added a Flash Analytics client to its 
NovaView business intelligence application suite. Company execu- 
tives said the client will improve data analysis capabilities. Other 
new features in NovaView 6.0 include a new relational data con- 
nector that maps to all relational data sources, and the ability for 
users to collaborate inside or outside of the firewall when building 
reports . . . Instantiations has updated all of its software quality 
and security offerings in conjunction with the release of Eclipse 
Galileo. As part of the update, there is expanded data binding in its 
WindowBuilder Pro GUI builder, as well as integration with the Mac 
OS Cocoa application development environment. Company execu- 
tives also said there is improved test generation in the CodePro 
AnalytiX code guality software . . . RIA provider Magic Software 
has released uniPaaS 1.8, the latest version of its application 
development platform, adding .NET integration for rich Internet 
applications. There is also Windows Mobile access to RIAs in the 
new version of uniPaaS, which the company said improves applica- 
tion availability for employees working out of the office . . . Gover- 
nance platform provider WebLayers has integrated its WebLayers 
Center platform with HP SOA Systinet 3.1, Hewlett-Packard's soft- 
ware for governing SOA-based applications. WebLayers executives 
claimed this will reduce costs involved in integration and SOA 
development. 



_L 



PEOPLE 



_L 



Nanci Caldwell has been named to TIBCO Software's board of 
directors. Caldwell is the former executive vice president and 
chief marketing officer for PeopleSoft. Prior to joining PeopleSoft 
in 2001, she spent 19 years with Hewlett-Packard in various 
senior executive positions. Currently, Caldwell also serves on the 
board of directors for Citrix Systems and enterprise management 
software provider Deltek Systems. I 



IBM floats into private 
cloud development 



BY DAVID W0RTHINGT0N 

IBM wants to be your develop- 
ers' onramp to the cloud. Big 
Blue is introducing cloud service 
offerings for software develop- 
ment and testing, as well as desk- 
top virtualization. It will build 
out private cloud infrastructures 
for customers that choose on- 
premises solutions. 

The company announced 
Smart Business Services in 
June, a new service-based con- 
sumption model for IBM plat- 
forms that permits applications 
and tools to reside in both pub- 
lic and private clouds behind 
the firewall. 

IBM's cloud offerings include 
a stack of pre-integrated tools, 
including Eclipse IDE, IBM 
DB2, Rational and WebSphere, 
as well as a configuration utility 
for managing services, said 
Jim Comfort, vice president of 
enterprise initiatives in cloud 



computing at IBM. 

The company is leveraging 
its worldwide data centers to 
provide the public option. 
IBM's public cloud is primarily 
Linux based, and it leverages 
VMware vC enter Server to 
manage images, he said. 

Customers can participate at 
several tiers: The cloud is 
exposed as infrastructure as a 
service, at the platform level, and 
at the software level. "We will 
add features to the public cloud 
over time to differentiate for the 
enterprise," Comfort said. 

When asked about interop- 
erability with other cloud 
providers, he stated that IBM 
was committed to openness, 
but he declined to discuss any- 
thing specific. 

"This offering does not 
address all of those issues. We 
are trying to develop tools for 
service managers that have the 



ability to develop packages to 
[deploy in] to other clouds," 
he added. 

Customers can opt to build 
their own private cloud out of 
IBM software components, or 
Big Blue can build the infra- 
structure for them. A product 
called IBM CloudBurst includes 
pre-integrated hardware, soft- 
ware and service offerings. 

IBM will meter customers' 
usage of its public cloud, then 
bill them accordingly. Cus- 
tomers will receive service level 
agreements for private clouds 
that are built and managed by 
IBM, said Comfort. 

CloudBurst was made avail- 
able in June, and a beta version 
of IBM's public cloud offering 
was also made available, he 
said. Private cloud components 
for development, testing and 
desktop virtualization are avail- 
able now. I 



Looking for structure in the clouds 



BY ALEX HANDY 

Two cloud-focused conferences 
in San Francisco gave attendees 
a view back on a year's worth of 
cloud hype and speculation. At 
Structure 09 and CloudCamp, 
both held during the week of 
June 22, hundreds came to cut 
through the fog surrounding 
the promises of the cloud. 

Russ Daniels, CTO of cloud 
services and EDS at Hewlett- 
Packard, said at Structure 09 
that he has spent the last year 
trying to comprehend all that 
makes up the concept of cloud 
computing. "I've had to sort 
through all the hype and enthu- 
siasm and figure out what it's all 
about," he said. 

Above all, the resounding 
wisdom from both shows, after 
a year of real-world cloud expe- 
riences, was that the cloud pre- 
sents an entirely new set of 
challenges for application 
architecture. 

These requirements are still 
emerging as developers begin to 
tap the power of Amazon's EC2 
and other cloud hosting services. 
One often-overlooked aspect of 
cloud application architecture is 
the fact that many systems do 
not offer a clear view of what is 
going on internally. Thus, appli- 
cations that encounter errors are 



not able to alert an operator 
promptly. Therefore, cloud 
applications require self-healing 
routines, more robust error han- 
dling and failover support. 

Other problems appear 
around databases. Data plat- 
forms for the cloud were a hot 
topic for both events. Jason 
Hoffman, CTO and founder of 
Ruby hosting company Joyent, 
hosted a panel at Structure 09 
that discussed, among other 
things, the rise of data solutions 
such as CouchDB, Hadoop and 
Hypertable. These new data 
handling systems, he said, 
require developers and IT man- 
agers to rethink their data han- 
dling strategies. 

"We're having a positive 
renaissance around data and 
data storage. We're starting to 
take scaling and performance 
into account when we start 
building our data structures," 
said Hoffman. 

Amazon Web Services was 
heavily discussed on the floors 
of both conferences, to the 
point that the company's ser- 
vices have become almost syn- 
onymous with cloud. 

At Structure 09, Michael 
Crandell, founder of cloud plat- 
form provider RightScale, said 
that many companies are wor- 



ried about "getting locked into 
interfaces. Data is a big lock-in. 
Wherever your data lives, it can 
be time consuming and expen- 
sive to move out." 

Crandell also said that devel- 
opers and architects can reap 
great rewards from designing 
with portability in mind, which 
he said can give developers a 
quick path to recovering from 
disasters if their current cloud 
provider fails. 

Werner Vogels, vice presi- 
dent and CTO of Amazon, said 
that cloud computing is causing 
ripples of change throughout 
the industry. 

"For us, cloud computing is 
not something of the future. It's 
reality. It's now," he said. "If you 
look at the tremendous amount 
of technology that we launched 
in the past year: elastic map/ 
reduce [to support large data 
sets], autoscaling [for capaci- 
ty]... We have tremendous 
uptake in the enterprise. 

"If you look at the tremen- 
dous amount of things that 
happened in the past year for 
Amazon and our cloud part- 
ners, it's incredible. I have not 
seen, in the recent history of 
technology, such a disruptive 
influence on the way that 
applications are being built." I 
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In Rakudo virtual machine, Perl 6 



BY ALEX HANDY 

Since the initial call for papers 
on the subject, Perl 6 has 
become an almost mythical 
update. But after nine years of 
work, and heavy collaboration 
with the open-source Parrot pro- 
ject, Perl 6 is finally getting ready 
for public use. One of the Perl 6 
virtual machine implementa- 
tions, Rakudo, has been slowly 
creeping toward completion, 
and its developers say it is now 
ready for experimentation. 

Rakudo is built on top of 
the Parrot project, which seeks 
to build a generic runtime for 
all dynamic languages. Patrick 
Michaud, lead developer of 
Rakudo, started working on 
the Parrot project five years 
ago. At the time, he was over- 
whelmed by the changes he 
saw in Perl, and he wondered 
how exactly they could be 
implemented at all. 

"The specification [for Perl 
6] is divided up into synopses," 
said Michaud. "They roughly 
correspond to the chapters of 
the Camel book [O'Reillys Perl 
programming guide]. My jaw 
dropped when I read the chap- 
ter on regular expressions. Perl 5 
regular expressions are what 
everyone raves about. What the 
Perl 6 design team especially did 
was to go back and rethink regu- 
lar expressions. What would 
they want to do to make that 
more powerful, so you could 
write the Perl 6 parser in Perl 6? 

"To me, it was like a whole 
new level of regular expression 
power. The first thing we needed 
to have a compiler [was] to have 
a parser. The first year or so of 
my work was writing this regular 
expression engine that, as far as I 
know, nobody had ever thought 
of before. When I first read this 
before I started working on the 
project, I thought to myself, 
'Nobody could ever do this!' " 

The tricky thing here for 
Michaud and the Rakudo team 
is that the grammar of Perl 6 
can be modified dynamically 
at runtime. That's difficult 
enough, but also making sure 
that such modified grammar 
doesn't spill out to negatively 
influence libraries or other 
Perl applications is even trick- 
ier, said Michaud. But all of 
the work he and his team have 
put in over the last five years 
has allowed this vision to 
become reality, and it gives 
Perl 6 an incredible amount of 



versatility, he said. 

But Michaud and the team 
working on Parrot and Rakudo 
seem to have accomplished 
their goals thus far. Parrot 
reached version 1.0 in May, 



and Rakudo is already on 
release number 18. 

"There are at least two Perl 
6 implementations," said 
Michaud. "They are not the 
complete language, but they 



are sufficient for quite a few 
people to be writing in. There 
are number of people who say 
Perl 6 is a myth, but the facts 
are pretty clear that there are 
people writing Perl 6 already." 



Of course, that doesn't 
mean the Perl 6 specification 
won't change again. Michaud 
said that many of the shifts in 
the specification have come in 
response to problems discov- 
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has a testing ground 



ered while trying to create the 
runtime in Parrot. 

Allison Randal, chief archi- 
tect and lead developer of the 
Parrot project, said that the work 
being done on it is intertwined 



with Perl 6. She said that Perl 6 
"is kind of a superset of all the 
features of all the dynamic lan- 
guages you've ever seen. There 
really isn't any existing virtual 
machine that could support that 



out of the box. The existence of 
Perl 6 at all depends fairly heavi- 
ly on Parrot." 

Randal was quick to point 
out, however, that there are oth- 
er implementations of the Perl 6 



runtime, most notably Pugs, 
which is written in Haskell. 

As Perl 6 and Rakudo con- 
tinue to mature, the communi- 
ty around the language contin- 
ues to grow as well, said 
Michaud. This is in line with 
Perl's creator Larry Wall's state- 
ment that "Perl 5 was my 
rewrite of Perl. I want Perl 6 to 




be the community's rewrite of 
Perl and of the community." 

As the Perl 6 community has 
become more magnanimous by 
taking on other projects (like 
Parrot, thereby allowing for 
more synergies between dynam- 
ic languages), it would certainly 
seem that Wall's vision has come 
to fruition. I 

IDS Scheer 
governs BPM 
modifications 

BY DAVID WORTHINGTON 

Over the past 25 years, business 
process management (BPM) 
software maker IDS Scheer has 
witnessed the fallout of unman- 
aged process change. In 
response, it has introduced a 
governance engine that will 
automate control processes, 
making change a far less risky 
proposition, the company says. 

The company delivered a 
product called ARIS Gover- 
nance Engine (AGE) in June. 
AGE is designed so that depart- 
ments can define and execute 
governance processes without 
asking for IT support. 

A BPM project team can 
connect people via the gover- 
nance engine: It handles com- 
munication through e-mail, 
requires changes to be signed 
off on, and stores project plans, 
said Joerg Heistermann, CEO 
of IDS Scheer in the Americas. 
"There should be no person 
surprised with project changes; 
it keeps everyone in the loop." 

Participation in process 
changes is not restricted behind 
the firewall. "Some customers 
have set up portals to share 
process changes," he said. 

AGE includes predefined 
reference processes for vertical 
industries, including the Supply 
Chain Council SCOR model, as 
well as ITIL regulations for the 
aerospace industry, said Heis- 
termann. Users may also define 
their own rules. 

Pricing for AGE is deter- 
mined by process complexity, he 
explained. "We learn about the 
project before selling, but we can 
sell the standard solution too." 

The company also intro- 
duced freeware process model- 
ing software called ARIS 
Express in May. 

"Processes get changed 
monthly, and change and flexi- 
bility is part of business," said 
Heistermann. "Static tools do 
not support businesses." I 
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Parrot 1.4 brings cohesion to dynamic languages 



BY ALEX HANDY 

The Parrot project has attempt- 
ed to do the unlikely many 
times before. This open-source 
platform for dynamic languages 
includes the facilities for run- 
ning existing dynamic lan- 
guages, such as Perl, Python 
and Ruby, but also includes the 
tools for building new lan- 
guages and providing them with 
the infrastructure needed to 
function in almost any environ- 
ment. Today the Parrot project 
released version 1.4, a major 
update that achieves many of 
the interoperability goals ini- 
tially set by the Parrot team. 

The Parrot project has cre- 
ated both a runtime for 
dynamic languages, like 
Python and Ruby, and a set of 
tools for adding new lan- 
guages. Since the version 1.0 
release in May, outside con- 
tributors have begun adding 
languages, such as APL, Lua 
and SNOBOL. Parrot is also 
designed to be embedded in 
other applications and environ- 
ments as a standalone generic 
language runtime. 

The initial goal of Parrot 1.0 



was to give developers a plat- 
form on top of which to build 
languages, without regard to 
production environments just 
yet. Patrick Michaud, a contrib- 
utor to Parrot and the lead 
developer of Rakudo, the Perl 6 
engine based on Parrot, said 
that the overall goals of Parrot 
are broader than just having a 
unified runtime. 

"The goal was to provide a 
platform for dynamic lan- 
guages and dynamic language 
development. Perl, Python, 
Ruby — they all tend to create 
their own implementation or 
reinvent each others' wheels, 
internally," said Michaud. "It 
was felt we could build a virtu- 
al machine that could provide a 
common layer for all of these 
for people, so they could focus 
on language issues. 

"These languages would be 
able to have libraries that could 
communicate and work togeth- 
er. Let's say I am a Perl pro- 
grammer, and there's a Python 
library I can take advantage of. 
Parrot gives me a common sub- 
strate to get those to work 
together." 



At the head of the project is 
Allison Randal, chief architect 
and lead developer for Parrot. 
She joined the project eight 
years ago when she became 
interested in Perl 6, a language 
that is heavily intertwined with 
the Parrot project. Today, she's 
passed from Perl into the actu- 
al guts of Parrot, which is writ- 
ten in C. 

Interoperability, aside, the 
1.4 release also adds some fin- 
ishing touches to this dynamic 
language runtime and toolkit. 
"A lot of what we're doing now 
is interface spit and polish," 
said Randal. "We're working on 
the embedding interface. 
We've been starting to do more 
optimizations. Three years ago 
we decided not to put our effort 
into optimization until we had it 
feature complete. We've had 10 
to 20% speed gains in the last 
month." 

And that is what the primary 
focus of Parrot 1.4 has been. 
Michaud said that such interop- 
erability support was at around 
75% at the release of version 
1.0. Over the next three 
months, work has continued to 



expand such interoperability so 
that all supported languages 
will have the ability to share 
libraries. 

"The next major release is 
scheduled for January 2010, 
and it is to focus on hardening 
Parrot to be something that's 
more production-ready," said 
Michaud. "We've got people 
starting to use it, and we're 
starting to bring those features 
and cleanups into Parrot to 
people who want to run this in 
their very interesting applica- 
tions." 

Parrot developers have 
already added constructs to 
support Lua, Perl 6, PHP, 
Python, Ruby, and a host of oth- 
er languages, such as Forth, 
Scheme and Tel. 

BLAZING NEW TERRITORY 

But for Randal, the most excit- 
ing thing about Parrot isn't sup- 
port for existing languages, it's 
the creation of new ones. 

"In five to 10 years, I hope to 
see new languages being devel- 
oped on top of Parrot. The lan- 
guages we have right now are 
old," said Michaud. "There are 



some things, particularly con- 
currency, that they don't sup- 
port very well. 

"It's disturbing to me to see 
the features Perl 6 is develop- 
ing have been around for 30 or 
40 years. Not in a usable form, 
but they've been around. I'd 
really like to see Parrot act as a 
booster for language evolution." 

Indeed, Michaud's work on 
the tools within Parrot is aimed 
at making it easy to write com- 
pilers. And that, he said, is the 
real killer feature for Parrot: 
making it easier for developers 
to build their own dynamic lan- 
guages from scratch. 

The Mozilla Foundation also 
seems to share this vision: The 
non-profit donated a grant to 
the Perl Foundation, which was 
then used to fund Michaud's 
work on the Parrot project for a 
number of months. Michaud 
said that the grant made him 
wonder if it would be useful to 
embed Parrot into a browser. 
Such a move, he said, would 
allow dozens of languages to be 
used in the design of websites 
and applications, not just 
JavaScript. I 
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webMethods 8.0 tailored to tight budgets 

Software builds business user self-reliance 



BY DAVID worthington more with less. In response, 
As the worldwide economic Software AG has adapted web- 
downturn draws out, enterprise Methods 8.0 to focus on devel- 
IT workers are attempting to do oper productivity. 



The company announced 
the availability of webMethods 
8.0 in June. It is now available becomes generally available in 
to new customers, but existing December. Customers can 



customers will not be able to 
upgrade until the release 
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install over existing implemen- 
tations. 

webMethods 8.0 keys in on 
three main areas: making IT 
more dynamic for business 
users without engaging devel- 
opers; reducing maintenance 
expenses; and streamlining 
application development, said 
Susan Ganeshan, vice presi- 
dent of product strategy at 
Software AG. 

Self-service capabilities 
have been introduced, which 
allow business users to define 
their own key performance 
indicators through a drag-and- 
drop interface, and to share 
analytics with other business 
managers. Business users may 
also make small ad hoc 
changes to business processes 
without "disrupting IT with 
small nuances," Ganeshan said. 
All changes are governed. 

Six months ago, a search for 
new employees would have 
included reviewing resumes, 
deciding on candidates, and 
making offers within a budget 
range, but that workflow may 
have changed due to the econo- 
my, she explained. With ad hoc 
process changes, business users 
can modify the process to 
include CFO approval. 

WHAT ELSE IS NEW? 

Administration of webMeth- 
ods is now more hands-off. 
webMethods now handles 
more errors on its own, and it 
can spin up new instances in 
response to increased demand 
for applications, Ganeshan 
said. 

It can likewise help devel- 
opers keep pace with demand 
for applications, she said. 
"A project that took four 
months to deliver will now be 
done in a three-month imple- 
mentation." 

Software AG has unified 
webMethods development for 
BPM and SOA into a single 
Eclipse design environment, 
and it has also integrated its 
CentraSite ActiveSOA service 
repository into webMethods. 
ActiveSOA ties business 
processes to SOA develop- 
ment, applying policies to 
every asset that is included in 
the registry to govern change 
management and service 
reuse. 

It provides knowledge about 
the components that make up 
composite applications, Gane- 
shan explained. "Developers 
will understand what actions 
must be taken before changes 
are implemented." I 
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Telerik looks to boost 3D for Silverlight 



BY JEFF FEINMAN 

.NET component provider 
Telerik has added a 3D charting 
engine for Microsoft Silverlight 
to the second-quarter release of 
its RadControls UI components 
and Web testing suite. 

The company said that the 
charting engine, released earli- 
er this month, can turn complex 
data into interactive, animated 
graphics. 

"Telerik has built a 3D 
engine to render real 3D objects 
so they can be manipulated in 
3D space, and it will be deliv- 
ered for both Silverlight 2 and 
Silverlight 3," said Todd Anglin, 
chief evangelist for Telerik. 

Microsoft rolled out 3D 
capabilities in Silverlight 3, 
which was released in beta at 

Semantic Web 
devs get a hand 

from TopQuadrant 

BY ALEX HANDY 

TopQuadrant has released a 
modeling tool for developers 
who still aren't entirely sure how 
to deal with the Semantic Web. 
TopBraid Composer Free Edi- 
tion, released in June, is based 
on Eclipse, and gives developers 
the tools needed to model and 
view resource description frame- 
work (RDF) files. TopQuadrant 
claims that TopBraid Composer 
can be used to lower the barrier 
of entry to companies looking to 
unlock the Semantic Web. 

Holger Knublauch, VP of 
product development at Top- 
Quadrant, said that "there is fast- 
growing interest from all indus- 
tries to understand the unique 
data quality, data integration and 
dynamic discovery benefits that 
Semantic Web technology has to 
offer. But we recognize that 
unfamiliarity with W3C Seman- 
tic Web standards and costs are 
two obstacles prohibiting many 
organizations from starting a 
Semantic Web project." 

TopBraid Composer Free 
Edition includes the tools need- 
ed to view, build and under- 
stand RDF models, without the 
need to learn Web Ontology 
Language. 

Additionally, TopBraid Com- 
poser Free Edition includes 
support for the RDF query lan- 
guage, SPARQL. 

TopBraid Composer Free 
Edition is available at the com- 
pany's site. I 



the MIX 09 conference in 
March. Anglin claimed that 
Telerik's charting engine allows 
for the creation of richer graph- 
ics than what Silverlight devel- 
opers might have with the Sil- 
verlight 3 beta. 



Another main feature in the 
release that Anglin talked about 
is a free Web tester called the 
WebAii Testing Framework for 
RadControls. This lets develop- 
ers simulate user interfaces in 
ASP.NET and Silverlight. 



"Today, a developer may 
open up a Web app, click 
through, and log in manually," 
Anglin said. "Our testing frame- 
work allows them to program 
those steps and automate the 
process of manually clicking 



through your application to 
ensure the UI works the way 
you expect it to." 

This release also has Sil- 
verlight Scheduler, which uses 
scheduling features similar to 
those of Microsoft Outlook; and 
Visual Style Builder, which 
designs skins for RadControls 
for ASP.NET AJAX. I 
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Users can load Amazon Machine Images into the Elastic Compute Cloud with LabManager CE. 

VMLogix creates dev test 
platform for AWS, EC2 



BY DAVID WORTHINGTON 

Development and QA professionals 
have a new option for managing virtual 
labs off premises by leveraging the elas- 
ticity and billing capabilities of Amazon 
Web Services (AWS). 

VMLogix delivered in June a beta of 
LabManager Cloud Edition, and the 
company is slated to release a hybrid 
solution for virtual machine manage- 
ment — in and out of the cloud — before 
the end of the year. 

LabManager CE s management con- 
sole has an agent for AWS that enables 
users to load AMIs (Amazon Machine 
Images) into the Amazon Elastic Com- 
pute Cloud, explained CEO Sameer 
Dholakia. Agents will be added to sup- 
port cloud providers over time. 

'We are having active conversations 
with Sun Microsystems' and IBM's cloud 
development teams," he said. From the 
user's perspective, the management tool 
will be the single interface point for man- 
aging images, whether they reside in a 
cloud or corporate data center, he added. 



VMLogix will ship LabManager 
Hybrid Cloud Edition before the end of 
this year, a product for customers that 
prefer to stage their own testing environ- 
ments. "A hybrid product is the holy grail 
for pre-production labs," Dholakia said. 

Smaller shops and startups without 
an investment in lab infrastructure 
might prefer an all-cloud offering, but 
many enterprises believe that they can 
manage baseline workloads more cost- 
effectively than renting capacity, he 
explained. "That is not true for steady 
state up to peak demand." 

LabManager CE beta customers are 
charged per virtual machine hour of use 
at Amazon's pricing. 

Development and testing is a safe 
place for enterprises to get their feet wet 
with cloud computing, Dholakia said. 
"You won't see mission-critical applica- 
tions in the cloud anytime soon, but you 
will see dev and test out there. No one 
will get fired if dev test goes down for 30 
minutes, and there is less risk associated 
with this use case." I 



Blueprint adds on new diagrams 



BY JEFF FEINMAN 

Requirements software company Blue- 
print Systems is trying to improve visual 
capabilities for requirements definition 
in a new version of its business require- 
ments suite. 

Blueprint Requirements Center 2010, 
announced in June, offers new business 
process diagrams that are equipped with 
swim lanes and decision branches, 
according to Blueprint executives. 

Swim lanes are an element of business 
process diagrams that display the tasks 
and decisions of an individual (such as a 
marketing director) or a department in a 
business. Decision branches show the 
decisions made by that individual or 
department. 

The new version (average price is 
marked at US$6,000 per user) will be 



available at some point in the coming 
months, the company said. 

There is new visual simulation tech- 
nology in Requirements Center 2010 
that enables developers and stakehold- 
ers to "visually walk" through all 
requirements. 

"The simulation is multi-aspect, 
meaning that many aspects, including 
text requirements, use cases, user inter- 
face mockups, data and rules, are inte- 
grated," said Tony Higgins, vice presi- 
dent of product marketing for Blueprint. 

Blueprint has also made some 
improvements to Requirements Cen- 
ter's search capabilities, embedding the 
search function into the main toolbar, 
where it is available at all times. Addi- 
tionally, requirement documents can 
now be read using Microsoft Word. I 
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Intersoft gives businesses controls for ASP.NET, Silverlight 



BY DAVID WORTHINGTON 

Component maker Intersoft 
Solutions has introduced sev- 
eral new .NET controls that 
are designed to increase the 
performance of line-of-busi- 
ness applications for ASP.NET 



and Silverlight through client- tion controls costs $799 



side functionality. 

The company released 
WebUI Studio 2009 in June. The 
suites price starts at US$1,299, 
and an additional bundle of Sil- 
verlight navigation and visualiza- 



Intersoft's ASP.NET Web- 
Grid Enterprise grid control 
has been retooled to reduce 
the size of the client footprint, 
and, according to the company, 
with one line of markup, it can 



access ADO.NET, Windows 
Communication Foundation 
and Windows Azure services. 

It also uses more client-side 
logic to reduce callbacks to the 
server. 

Two new controls, Direct- 




Upload and WebText Editor, 
add desktop-like features to 
ASP.NET Web applications. 
WebTextEditor provides a 
text-editing capability for 
Web-based content manage- 
ment systems. 

Direct Upload is a specialized 
control for transferring large 
files in the background while an 
application is being used. It 
shows information about the sta- 
tus of the transfer, including 
estimated completion time. 

WebUI Studio's Silverlight 
controls have design-time sup- 
port for Microsoft Expression 
Blend 2.5 and Visual Studio 
2008. I 

Changepoint road 
map details agile 
tracker's future 

BY JEFF FEINMAN 

Compuware has set up a 12- 
month road map for its Change- 
point portfolio management 
software, releasing a version of 
the software catered to agile 
development. 

For the first part of the road 
map, Compuware released Agile 
Accelerator in June. Agile Accel- 
erator is a version of Change- 
point configured for tracking 
agile software projects; it is free 
and designed to help customers 
address business problems 
through agile development. 

"We're adopting the agile 
methodology, we've got sprint 
backlogs, daily Scrum meetings, 
and we've go to be able to have 
those resources enter their time 
and status reports against the 
activities within the agile world," 
said Greg Davidson, product 
manager for Changepoint. 

Following Agile Accelerator, 
Davidson also said that the 
company plans to roll out some 
project management capabili- 
ties for the next version of 
Changepoint, though he did 
not get into specifics. 

Similar to what other compa- 
nies, such as Kovair, Serena and 
Urbancode, have done for third- 
party integration, Compuware 
will use service bus technology to 
integrate Changepoint data to 
third-party systems. 

Davidson said Compuware's 
next Changepoint release is 
scheduled for June 2010, when it 
will integrate with Compuware's 
Vantage IT service management 
software. I 
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Special considerations necessary when writing apps 



< continued from page 4 

scrutiny in enterprises than internal IT 
would, said Brewer. 

"The committees evaluating invest- 
ment in a service may be different than 
internal committees formed around 
developing internal IT process. 
Depending on the risk profile of the 
organization, there might be a different 
focus on compliance, and they might 
hold feet to fire more than internal 
departments as well," she explained. 

Aside from receiving greater scrutiny, 
cloud data centers may also be more 
secure than corporate servers, said Miko 
Matsumura, vice president and deputy 
CTO at Software AG. "People used to 
think it was safer to put your money in a 
mattress." 

If regulatory requirements about 
securing application data are unclear, 
organizations should consult compliance 
experts and never rely upon a literal read- 
ing of a statute, said Salesforce s Coffee. 

Contract management is key, Gordan 
said. "There must be a good security 
assurance [on the] part of all parties." 

Forrester's Wang recommended an 
emphasis on application security, data 
protection, identity management, log 
management, physical and personnel 
security, and vulnerability manage- 





'My message for application 
developers is that if your application 
invoices complex regulatory data, 
keep it out of the cloud for now. ' 






—Peter Coffee, director of platform research, 

Salesforce.com 



ment — things that companies usually 
have full oversight over internally. 

Further, organizations should seek 
assurances about personnel certifications 
and documentation of the service plat- 
form, in addition to contractual assur- 
ances, Brewer said. 

There must also be a clear delin- 
eation of liability to determine who is 
held responsible if something goes 
wrong, Wang said. A resource action for 
every level of concern should be laid out 
in the service agreement, such as finan- 
cial compensation or early exit from a 
contract, she added. 

Other terms should cover the owner- 
ship and rights associated with intellectu- 
al property, she said. "There is a clear 
delineation in SaaS [Software as a Ser- 
vice], but PaaS [Platform as a Service] is a 



little more of a gray area." 

Lastly, end-of-contract conditions 
should be clear, such as the packaging of 
data in a usable fashion, and having 
providers erase applications and data in 
their environment in a timely manner, 
Wang said. 

Companies also need to be aware of 
the impact of national privacy laws on 
distributed computing environments, 
said Brewer. Data can travel from one 
country to another where privacy laws 
are more lax, or an application may 
transfer its data to a service in a different 
data center, she explained. 

NOT 'ALL OR NOTHING' 

While it is true that a risk assessment 
might preclude an organization from 
using a cloud provider for some work, 



cloud applications are not a monolithic 
choice of "all-or-nothing data in cloud," 
Coffee said. 

"Cloud applications can do an awful 
lot without having 100% cloud resident 
data," he said. Developers can still take 
advantage of external clouds by using 
programming workarounds, such as 
anonymous identifiers (a customer ID) 
that can be re-associated with data that 
is stored on premises, he explained. 

"Simply look it up at your end of the 
wire when you are viewing or generating 
reports," Coffee said. 

People are doing things in complicat- 
ed ways to access archived data in the 
cloud, said Software AG's Matsumura. 
However, it may be easier in the near 
future, he said. 

Cloud providers may end up offering 
platforms that are compliant with regu- 
lations and still able to keep covered 
data in the cloud as soon as this year, he 
said. "There will be certification and 
assurances at the corporate to corporate 
level; ISO 9000 kind of things. 

"My message for application develop- 
ers is that if your application involves 
complex regulatory data, keep it out of 
the cloud for now. You'll be building 
stuff someone else is building in parallel, 
and it's not economically worthwhile for 
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for the cloud 



you to build," he said. 

Coffee demurred at that suggestion, 
stating that no cloud provider can 
ensure compliance for information-dri- 
ven business processes when employees 
must enter data into an application. 

"Saying I have a HIPAA-compliant 
cloud is like saying that I have a crash- 
proof car," because, procedural issues 
such as making sure that a paper form is 
not left out on a desk make it impossible 
for a cloud provider to ensure end-to- 
end compliance for processing, he 
explained. 

"At least in our cloud, nothing will 
prevent them from constructing applica- 
tions that are HIPAA- or PCI- [Periph- 
eral Component Interconnect] compli- 
ant, [a] process that includes our 
technology as part of the [processing] 
chain," Coffee said. 

"One of the most important con- 
cepts to get across is that compliance is 
a combination of knowing what infor- 
mation assets you are responsible for 
managing whether you originate them 
or not, what processes touch those 
assets, and who has what roles in those 
processes," he said. "After you've done 
all of that should you start worrying 
about cloud aspects versus other 
aspects." I 



WHAT TO LOOK FOR WITH CLOUD COMPUTING PROJECTS 




Organizations should seek the following security and privacy 
assurances for third-party and cloud computing: 



1 Contractual alignment of 
• third-party controls 

Whenever practical and feasible, the 
organization includes privacy and infor- 
mation protection controls and compli- 
ance in contracts and agreements with 
third parties that provide business 
processes, products, and services with 
potential impact on privacy and informa- 
tion protection objectives. 

Reguired third-party privacy and 
security controls are 
eguivalent to the 
organization's own 
goals, and they are 
adeguate to meet orga- 
nizational privacy and 
security 




control objectives. If the organization 
cannot impose contractual obligations 
on external service providers (e.g., in the 
case that the service is imposed on the 
organization or the service is a com- 
modity), the organization documents its 
explicit assumptions about the service 
capabilities with regard to information 
security. 

Where a sufficient level of trust can- 
not be established in external services 
and/or service providers, the organiza- 
tion employs compensating controls or 
accepts a greater degree of risk. 

2 Privacy assurance in 
• third-party computing 
("cloud computing") services 

The organization investigates and 
responds to potential risks and busi- 
ness impacts associated with the 
storage of sensitive data on remote 
servers. Investigations assess 
whether the service provider's terms 
of service and policies are in concor- 
dance or potential conflict with laws and 
internal policies under which customer 
nformation has been and will be collect- 
ed. In particular: 



■ Whether the ability of the service 
provider to use information provided by 
the organization is limited to activities 
permissible under law and internal policy. 

■ Whether transactional and report- 
ing data generated by the provider 
based on services rendered violates 
applicable law or internal policy. 

■ Whether use of a provider's ser- 
vices constitutes cross-border informa- 
tion transfer that subjects organization- 
al information to additional country 
privacy laws. 

■ Whether information stored by a 
service provider on physical servers in a 
country or countries other than the 
organization's base country subjects 
organizational information to additional 
privacy or security reguirements. 

■ Whether sensitive business or cus- 
tomer information retained by a service 
provider is acceptably protected from 
legal discovery and investigatory actions. 

In addition, the organization seeks 
assurance that service providers do not 
process, store or transfer information 
through jurisdictions whose laws do not 
provide for adeguate information pro- 
tection. 

Source: The Madness of Clouds: Sourcing, Control and 
Privacy Policy, by Cass Brewer 
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Hadoop super-sizes clustered processing platform 



< continued from page 1 

to ask is, 'What are the problems 
you're trying to solve with 
Hadoop?' The best times to use 
it are when you're doing things 
that require very large-scale 
computation with a lot of data. 

"We have in the past used 
big iron databases like Netezza, 
and we have a lot of Oracle. 
When you reach that scale, you 
really challenge what those 
things can handle. You're better 
off in an environment where 
you're adding commodity hard- 
ware to a cluster." 

HADOOP'S HISTORY 

Hadoop began life when Cutting 
started to build Nutch, an open- 
source search engine applica- 
tion. He had previously created 
the Apache Lucene project, 
which produced an open-source 
information-retrieval library 
written in Java. Based on that 
project, He began working on 
Nutch around 2004 with Mike 
Cafarella. Cutting said that a 
great deal of the work involved in 
Nutch was creating the underly- 
ing cluster infrastructure for 
physically scaling the platform. 

"The only people who could 
scale to the size of the Web were 
Google, Microsoft and Yahoo," 
said Cutting. "Google and 
Microsoft have similar technolo- 
gy, presumably, that they use 
internally, but those are special. 




Hadoop is designed for generic 
data processing, says Cutting. 

There's also database technolo- 
gies, which purport to scale. I 
don't think they scale as far, or as 
easily. But they also have differ- 
ent performance comparisons, 
so it's apples to oranges. 

"Hadoop is designed for 
much more generic data pro- 
cessing. It doesn't require an 
extensive indexing or data-load- 
ing step. It's presenting all of 
your data ahead of time. All that 
classic database analysis isn't 
required." 

Cutting eventually found 
that the infrastructure beneath 
Nutch was becoming more 
powerful and elaborate, espe- 
cially after he read Google's 
paper on map/reduce. In 2006, 



he joined Yahoo, and the infra- 
structure project was officially 
named after a stuffed elephant: 
Hadoop. Today, Yahoo houses 
the world's largest Hadoop clus- 
ter, coming in at 4,000 nodes. 
This cluster contributes to 
every Yahoo search performed. 

With a full team working on 
Hadoop and its supporting tools 
and projects, Yahoo and Cut- 
ting have pushed the project to 
version 0.20.0. While there is 
no set date for the release of 
version 1.0, the Hadoop team is 
striving to release it before the 
end of the year. 

Hadoop is made up of a 
number of subprojects. These 
include a distributed file system 
(HDFS), the HBase database, 
and the Pig language for build- 
ing data queries. As an Apache 
Foundation project, however, 
Hadoop is surrounded by alter- 
native tools. Amazon substitutes 
its own S3 storage services for 
HDFS, and Facebook has con- 
structed its own data warehouse 
infrastructure (Hive) with a 
SQL-like substitute for Pig. 

Ashish Thusoo, engineering 
manager at Facebook, said his 
team uses a 600-node Hadoop 
cluster. He said that Hadoop is 
useful for business intelligence 
and summarization applications. 

"Our ad insight numbers are 
generated in Hadoop and Hive. 
It's a widely published system 



here, and we get 3,000 jobs a 
day with more than 100 users 
using it internally. It's useful for 
analytics on all sorts of struc- 
tured data, as well as unstruc- 
tured data," he said. 

HOT PROPERTY 

So compelling is the Hadoop 
story that Christophe Bisciglia, 
founder of Cloudera, said that 
he had to "fend off investors 
with a stick." Cloudera packages 
Hadoop into numerous forms 
for use on the various Linux dis- 
tributions and within Amazon's 
EC2. The company also offers 
numerous training courses on 
Hadoop. Bisciglia's company has 
already accepted two rounds of 
funding since the beginning of 
2009. The focus of Cloudera, he 
said, is on getting enterprises up 
and running on Hadoop, fast. 

"First, we provide Hadoop 
training services," said Bisciglia. 
"A lot of our training content is 
online and available for free. You 
can download a virtual machine 
with Hadoop and Eclipse 
already set up. More on the 
product side of this, we have tak- 
en all the core Hadoop code, 
plus improvements and bug fix- 
es, and we've packaged these in 
easy-to-download RPMs and 
debs, and we created an Ama- 
zon Machine Image as well." 

But perhaps Hadoop's most 
interesting impact has been in 



the scientific community. Eric 
Baldeschwieler, vice president 
of grid computing at Yahoo, 
heads the team that works with 
Hadoop at Yahoo. When asked 
if they were surprised at the 
success of Hadoop, Cutting said 
that he was. 

On the other hand, Balde- 
schwieler said that he "wasn't 
surprised. There was a reason 
we decided to do this in open 
source. My team has been 
building this kind of stuff since 
1998. We built several genera- 
tions of similar frameworks. 
The reason we did Hadoop is 
because the scientists were 
banging on our doors, demand- 
ing we introduce something 
similar to the map/reduce 
papers they'd read. 

"They literally have an order 
of magnitude improvement of 
their output," added Balde- 
schwieler. "They'll take a huge 
amount of data — maybe all Web 
pages — and build a dictionary 
that will make Web search bet- 
ter. Before, they were doing a lot 
of grunt work to get that data 
onto a machine to do their 
research. Hadoop just gives 
them a pool of machines they 
can use. They don't have to do all 
the IT work for moving the data 
around. They spend days instead 
of weeks writing their programs, 
and their programs run in weeks 
instead of months." I 



Interoperability focus on clouds 



< continued from page 1 

implemented standards, and it is 
collaborating with the industry to 
do testing work for its standards 
implementations, he said. 

The company has commis- 
sioned a website called Interop- 
erability Bridges and Labs Cen- 
ter to serve as an online 
resource for documentation 
about Microsoft protocols and 
standards implementations. 

Shank said that enabling 
interoperability creates opportu- 
nities within its partner ecosys- 
tems. Apple used Microsoft's 
documentation to implement 
Microsoft's ActiveSync Ex- 
change mobile e-mail synchro- 
nization technology for the 
iPhone. In addition, NotifySync, 
a communications software mak- 
er that brought ActiveSync to 
BlackBerry devices, used 
Microsoft documentation, he 
said. "The documentation is 



robust; sunshine is useful." 

When asked whether some 
documentation was too com- 
plex to be useful to developers, 
Shank said that Microsoft has 
taken steps like rewriting its 
Office Binary Protocol file doc- 
umentation, and that there is a 
"high degree" of of support 
through MSDN, the company's 
developer portal. 

Collaboration is also crucial, 
Shank said. "There is a certain 
amount of beer and pizza and 
coffee that is required to go into 
our interoperability effort." 

Paoli said, "The customer 
expectation is that things work 
together. The reality is that inter- 
operability is difficult. People 
expect it to work just like magic." 

He noted that Microsoft has 
produced an open-source 
Internet Explorer plug-in for 
browsing document formats. 

However, those efforts have 
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not been enough to silence one 
of the company's major critics. In 
June, Rob Weir, chief ODF 
architect at IBM, wrote in his 
blog that Microsoft was engaged 
in a whisper campaign against 
ODF in an effort to promote the 
Open XML format that it creat- 
ed. Microsoft did not respond 
specifically to his remarks. 

Document standards are not 



the only place where gray areas 
can lurk. In an April interview 
with SD Times, Tim Hall, 
director of SOA products at 
Hewlett-Packard, suggested 
that software makers, including 
Microsoft, might tack on pro- 
prietary functionality to cloud 
standards, citing SQL language 
implementations as a past 
example of that behavior. 



When questioned, Paoli 
brushed off suggestions that 
Microsoft could add its own 
"secret sauce" to standards. 

"Thirteen years ago, we had 
the same discussion on XML. 
People were saying, 'Microsoft 
is going to add secret sauce to 
the XML parser,' but the only 
thing I can tell you is to judge 
us with what we do." 

Microsoft is trying to "turn 
the lemons into lemonade" with 
better licensing, security and 
interoperability, said Laura 
DiDio, founder of Information 
Technology Intelligence Corp., a 
Boston-based research firm. The 
company is also entering into 
new markets that have higher 
profit margins to spur its growth 
beyond its operating system and 
Office businesses, she added. 

"[Microsoft] has done a 
credible job with [Windows] 
Azure, but is still confronted 
with people skeptical of its abil- 
ity to make its mark and com- 
pete in new markets." I 



electf*ccloud 




Is your build process a little outdated? 
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Introducing Time-lapse View, 

a productivity feature of Perforce SCM. 

Time -lapse View lets developers see every edit ever mode to a file in a 
dynamic, an nolo ted display. At long la&t r developers can quickly find answers, 
to questions such asj 'Who wrote this code, end when?' and 'What content 
got changed, and why?' 

Time -lapse View features a graphical timeline that visually recreates the 
evolution of a file, change by change, in one Fluid display. Color gradations 
mark the aging of file contents, and the display's limeline can be configured 
la show changes by revision number,, date, or changeset number. 

Time -lapse View is just one of the many productivity tools that come with the 
Perforce SCM System. 
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When it comes to software devel- 
opment, software configuration 
management (SCM) serves as 
the eyes on the assembly line. It is the 
task of tracking and controlling changes 
throughout the software development 
life cycle, and reproducing actions in 
order to simplify development. 

Making development processes easi- 
er, however, isn't so simple these days, as 
systems being developed become more 
complex and the development process 
gets more complicated with larger, dis- 
tributed teams. 

Several main SCM providers are try- 
ing to rise to the occasion in easing these 
complications. Some companies have 
tried to open up SCM to non-coders, 
while others are focused on merge fea- 
tures, because easing complications 
around merging branches is seen as an 
important ability with more and more 
companies branching code. 

Daniel Magid, Aldon's chief technol- 
ogy strategist, said that its strength in 
tracking the software life cycle lies in a 
strong repository. Aldon has what he 
called a two-part repository for SCM. 

The first part is a database repository 
that stores copies of the parts of the 
development life cycle being managed. 
It contains all build results and artifacts 
around application development. 

"Developers can say, 'Show me 
everything related to the payroll applica- 
tion,' and they can see all the artifacts 
related to payroll, whether those things 
are all on one platform or they have 
some Windows parts, Unix parts or Lin- 
ux parts," Magid said. "They can have all 
those things and say, T'm interested in 
seeing the current status of our payroll 
application,' and they can see everything 
regardless of where it might be stored." 

The second part of the repository con- 
sists of the metadata associated with the 
software being managed. The metadata, 
which is both user-defined and informa- 
tion that Aldon keeps track of, is about 
how software is built and deployed. 

Aldon puts a great deal of focus on 
automation, and Magid said the compa- 
ny has always tried to figure out how to 
automate the process of moving a devel- 
opment project through the life cycle. 
This is done by having the developer 
identify the process rules about how 
each stage is managed; who has the per- 
missions move something into a particu- 
lar stage; and who can request and 
approve moves into a stage. Then the 
developer identifies how he or she wants 
software and applications deployed. 

"We'll automatically deploy it, so all 
you need to do is say, 'Here's the pack- 
age I want to move,' and the system will 
know where it needs to [be deployed to] 
and how to install it on those locations," 
Magid said. "The idea for us is to make 
it very simple to set up these processes, 
and then make it easy for the user to 
move things through the life-cycle 
process on a day-to-day basis." 

CollabNet, meanwhile, continues to 
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regularly update its Subversion version 
control system, trying to lessen issues 
around changes in software. A June 2008 
release of Subversion incorporated 
merge-tracking features, so Subversion 
keeps track of what changes have been 
merged and where. CollabNet execu- 
tives said this reduces costs involved in 
maintaining branches, which are ver- 
sions of the same software that are 
developed independently. 

In more-recent releases of Subver- 
sion (version 1.6.3 was due in early July), 
one of the main features CollabNet has 
focused on is tree-conflict handling, 
which executives described as looking at 
more complex types of conflicts that can 
happen during merging. 

"A tree conflict happens at the direc- 
tory level, not just the file level, and so 
now there's a way to flag that automati- 
cally and call for someone to do some 
interactive conflict resolution to address 
it before checking in," said Victoria 
Griggs, senior director of product mar- 
keting for CollabNet. 

"For instance, let's take your typical 
scenario where me and you are both 
working on a file, and we make changes, 
and we need to figure out if we're going 
to keep your changes or mine. 

"There's some more complex merge 
conflicts that can happen at the directo- 



ry, so let's say I'm working on a file and 
you delete that file from our branch. So 
now when I go to check in that file again, 
it no longer exists. That's what we con- 
sider a tree conflict, and the system 
needs to flag that it's an issue." 

CollabNet expects to be rolling out 
version 1.7 of Subversion towards the end 
of 2009. Two big areas that CollabNet will 
be working on for that release and future 
releases are additional tree-conflict man- 
agement features and improvements to 
the communication layer. 

In 1.7, Subversion will have a new 
HTTP protocol, which Griggs said will 
reduce the number of network turn- 
arounds to make Subversion faster. This 
way, developers will see faster speeds 
when committing code to a Subversion 
repository over a wide area network. 

"Subversion itself has been architected 
for distributed developers, so it expects 
that people are sitting around the world 
and checking code into a centralized 
repository," Griggs said. "Still, there're 
some areas to improve on performance 
with the underlying communication that 
we have with the central repository." 

MEETING SCALABILITY 

Perforce Software tries to focus on 
providing adequate scalability in its 
SCM system in order to keep up with 



customers' large, globally distributed 
teams. Growing demands might 
include concurrent usage, growth in 
the number of team projects, and 
changes in the size of the files being 
managed. 

"There are a couple of things we do 
to meet scalability needs," said Charles 
McLouth, director of sales for Perforce. 
"One of those things is improvements to 
concurrency, where you've got more 
people doing more simultaneous opera- 
tions. We're also particularly proud of 
our streaming protocol and RPC 
[Remote procedure call] communica- 
tions, and it really allows us to transmit 
content at amazing speeds." 

McLouth added that Perforce's SCM 
release last year included enhancements 
that allowed the protocol to self-tune to 
the network it was on. 

In recent releases, Perforce has tried 
to spread its SCM wings beyond coders. 
In an August 2008 release, Perforce 
rolled out visual differencing functional- 
ity, offering "image diffing" that lets 
users compare a changed image side-by- 
side with the Perforce Visual Client. The 
purpose of this was to make Perforce 
more attractive to game developers and 
other software makers. 

McLouth pointed out that coders on 
game development projects are usually 
part of a bigger team that may include 
writers, designers, animators and sound 
technicians. As such, Perforce attempts 
to make sure that all contributors on a 
project can use the same SCM. 

"Perforce needs to provide interfaces 
for different applications for each of 
these specialists," McLouth said. 
"Whether they're managing graphics 
with Photoshop, documents in Word, or 
some sort of design file, providing these 
multimedia interfaces and the ability to 
manage any type of digital asset is criti- 
cal to Perforce's success." 

Perforce will look to expand its 
reach in future releases of its SCM soft- 
ware. However, it is also delivering 
code-focused features. McLouth said 
there is a native interface for Java 
developers coming down the line, 
although he didn't get into specifics. 

While Perforce is a company looking 
to open SCM to non-developers, other 
companies, like UK-based PureCM, 
provide version control and software 
configuration management products for 
traditional developers. 

PureCM's SCM software offers a fea- 
ture called merge path, which Mike 
Shepherd, a technical consultant with 
PureCM, described as automating the 
merging between two different code 
branches. 

Another feature called workspace 
rebasing lets developers move a work- 
space from one code line to a different 
or newer one. 

Shepherd said the company's biggest 

advantage on the SCM market is its 

ability to support multiple codebases, 

continued on page 24 ► 
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< continued from page 23 

and methods involving developers 
working in parallel PureCM can create 
"streams," which is a code line that can 
spawn other code lines based off of the 
original line. 

"We generally try to be more light- 
weight than other tools," Shepherd said. 
"We have a lower amount of general 
platform requirements; we don't require 
a SQL database and that sort of thing, so 
it's generally easy to maintain." 

Down the line, Shepherd said the 
company is heading towards more of an 
ALM 2.0 style, with third-party integra- 
tions available for the SCM system. 
"We're going to be having our own kind 
of 'mini-ALM' tool in the not-too-dis- 
tant feature, looking to try to blur the 
distinction between SCM and ALM 
[application life-cycle management]," 
Shepherd said. He didn't offer further 
specifics and said that is still in devel- 
opment. 

IMPROVEMENTS IN REPORTING 

With Seapine Software, a SQL back end 
for storing artifacts serves as a differen- 
tiator for Surround SCM, company 
executives said. Paula Rome, a senior 
product manager with Seapine, said the 
SQL back end is beneficial particularly 
for reports, as SQL allows developers to 



use third-party reporting information 
through querying. 

The most recent version of Surround 
SCM brought an integration with Post- 
greSQL. In a future release, Seapine will 
also be adding the ability to use the Ora- 
cle database to store artifacts. 

Rome also talked about Surrounds 
platform support: Both Mac OS and 
Windows users can use the same server 
without a difference in clients getting in 
the way. 

"We don't believe that source code 
control or management is only for C + + 
and Java files," she said. "In order to ship 
a real-world product, you've got a lot of 
other artifacts that need the change 
management capabilities." 

Rome noted that Seapine would 
update its API for SCM as well as add 
additional reporting capabilities down 
the road. Seapine will allow users to con- 
figure reports without necessarily having 
to know how to write SQL statements. 
Reports will be customizable with Cas- 
cading Style Sheets, which can help 
cater reports to a company's business 
document style. 

The new API will let developers use 
Surrounds configuration management 
capabilities in their "programming lan- 
guage of choice," according to Rome. 
There will also be new ways for how a 



developer can design and customize the 
client. This will all help with third-party 
integration. 

"With the API and client customiza- 
tion, we're going to be able to have much 
greater integration with third parties," she 
said. "People have been using Surround 
as their build management tool already, 
but we're going to be really doing some 
interesting things, because that API is 
going to be able to expose so much more." 

Serena Software's Dimensions CM 
focuses on compliance, change and 
release management, and productivity, 
according to Serena executives. It lets 
development teams work with a single 
code repository. Serena added a loca- 
tion-aware cache to reduce latency 
problems that can affect how well global 
teams work together, as well as a rela- 
tional database management system. 

Dimensions CM can monitor deploy- 
ments throughout production, and can 
deploy to Linux, Unix and Windows. 
The software also automates build 
processes within continuous integration 
practices, and it can maintain build 
dependencies among components to try 
and lessen the number of broken builds. 

Charts have been added to Dimen- 
sions CM's reporting, and reports may 
now include histograms, pie charts and 
other charts, said Ash Owen, Serena's 



director of product marketing. Reports 
can be attached as files into e-mails, or 
be shared through Web content portals 
so stakeholders can view metrics and 
reports on their application develop- 
ment projects. 

Serena also emphasized Dimensions 
CM's ability to integrate with Serena's 
other life-cycle tools. "We can plug-and- 
play quite nicely with our tools and oth- 
er preferred QA or requirements man- 
agement tools," Owen said. But product 
integration is not yet complete. 

Owen added that Serena would like 
to eventually integrate Dimensions CM 
with its Agile On Demand agile project 
manager. Serena will try to increase 
interoperability with different non-Sere- 
na IDEs. Additionally, there will be 
greater integration with Serena's Busi- 
ness Mashups. 

In today's changing work environ- 
ment, it is very important for software 
companies to continue innovating their 
SCM systems and cater their offerings 
to the changing needs of their users. 
Whether it is Perforce's upcoming 
native interface for Java, Seapine's 
improved API, or any of the other fea- 
tures that will be polished off in the 
near future, SCM makers are innovat- 
ing to keep up with the latest trends in 
development. I 
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FROM THE EDITORS 

Amazon has won cloud 1.0 

We are still in the very early days of cloud computing, but already 
one company is far ahead of the crowd. 

Amazons Web Services are not just the leading cloud services, the 
company is also one of the very few in this fledgling industry that consis- 
tently fosters new, useful products and innovation. Amazon is the only 
cloud hosting service with fast access to name-brand resources like Ora- 
cle and IBM databases. AWS is the only service where you can mail your 
hard drives in to save money on data transfers. And Amazon's APIs and 
formats are already becoming the de facto standards for the cloud. 

Take the Open Virtualization Format. When developing the OVF spec- 
ification, VMware and a host of other companies set out to create a stan- 
dard for virtual machine images so that they could easily be interchanged 
between virtualization platforms. This is clearly a necessary specification 
that will come into play the more public and private clouds mesh. 

But to this day, OVF hasn't taken off. We've not seen a single piece of 
software encoded inside of an OVF-compliant package. No companies 
offer anything around OVF yet, save for a single tool from the specifica- 
tion committee. Instead, the Amazon Machine Image format, AMI, has 
already become the default. 

At the Structure 09 conference, where cloud companies were out in 
force, almost every exhibitor offered something packaged up as an AMI. 
One company, RightScale, had even bought three servers in Amazon's 
cloud so that it can permanently sell access to its own retinue of special- 
ized AMI images. 

In other areas, a startup, Eucalyptus Systems, is attempting to imple- 
ment Amazon's APIs so that private clouds can use them. When every- 
one else is using the Amazon formats and mimicking its APIs, you can be 
sure that it's the de facto market leader. We all know that first-mover 
advantages may be short-lived, but at this point, Amazon is the undis- 
puted cloud leader. 

The demand for mobility 

Apple sold more than a million of its iPhone 3GS smartphones the 
first week the devices were available — even though the advantages 
that the third-generation iPhone offered were purely incremental over 
the 2008 model. They consisted of slightly longer battery life, a better 
camera, video-recording capability, a faster processor and more RAM. 

That was in mid-June. At around the same time, the Google-dominat- 
ed Android project announced a bevy of new smartphone devices, capi- 
talizing on the Android 1.5 software released at the end of April. There's 
the Palm Pre, a new device that's gathering a lot of attention. The Black- 
Berry continues to be hot, hot, hot. 

Not only are smartphones and other handheld devices becoming more 
and more popular, but some big players are also preparing to get involved 
in a bigger way. Intel and the Linux Foundation are have released alphas 
of Moblin v2, their next-generation version of Linux optimized for x86- 
based mobile devices. And Microsoft is moving closer to the launch of 
Windows 7, which, unlike Windows Vista, will "scale down" to work well 
on netbooks and other small devices. 

This means that developers, whether commercial or enterprise, can't 
afford to ignore mobile devices. Custom smartphone applications will 
differentiate Web-oriented businesses, as companies as diverse as the 
New York Times, Facebook, the American Automobile Association and 
Netflix have demonstrated with their custom apps for the iPhone and 
other devices. 

Make no mistake: The emergence of these mobile platforms, and the 
prevalence of these devices, must not be underestimated. Just as corpo- 
rate e-mail administrators had to learn to accommodate the BlackBerry, 
so too must developers learn to embrace these next-generation smart- 
phones. That's what your users and customers want today and will 
demand tomorrow. I 
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TAKE OPEN-SOURCE SENSIBILITIES 

into the enterprise? That was a radical 
idea 10 years ago, when Brian Behlen- 
dorf and Bill Portelli started CollabNet. 

It was a time of ALM 1.0, with LAN- 
based tools and processes that hard-cod- 
ed organizations in to their vendors. Col- 
labNet's vision was for transparent, 
open-source development, with a recog- 
nition that distributed development was a 
desirable business model. Now, fast-for- 
ward 10 years, and companies get that. 

Today, Portelli recognizes that a com- 
puting cloud also can't be an island, like 
LANs were back in the day. He said 
organizations, though, still prefer to 
have their data behind a firewall, along 
with their operations and processes. 
"Companies are now asking, 'What are 
my development teams putting on the 
'Net? What are Amazon's security poli- 
cies?'" Portelli said. 

"Amazon doesn't guarantee uptime 
for the application, only for their infra- 
structure. But companies don't run 
infrastructures. They run applications 
and need accountability for keeping 
their applications up." 

This, he said, will usher in a new era 
of application life-cycle management, 
starting with development — for the 
cloud and within the cloud. 

— David Rubinstein 

I SPENT A LOT OF TIME writing 
about compliance in this issue. Compli- 
ance is an important part of the require- 
ments phase for software development, 
and cloud computing is going to change 
how companies deal with it. 

In my research, I learned that some 
regulations were better (or worse) than 
others. Strict regulation in the U.K. and 
France makes it much more difficult to 
use cloud computing for line-of-business 
applications. In the U.S., some govern- 
ment regulations like HIPAA establish a 
liability framework, but the Payment 
Card Industry (PCI) standard doesn't. 
PCI is more flexible than HIPAA, but 
there is a certain lack of accountability. 

However, my friend Jeremiah Gross- 



man, WhiteHat Security founder and 
CTO, has said that PCI is superficial, 
and the people that are supposed to be 
watched are the watchdogs. There's too 
much disparity. More work should be 
done to standardize and coordinate reg- 
ulations across borders, because today's 
systems cut across continents. 

— David Worthington 

AJAX COMPANY MYKONOS seems 
to enjoy symbolism. 

Company execs chose to name the 
startup after the Greek island, because it 
represented a sunny, paradise-like alter- 
native to snow- riddled Rochester, N.Y., 
where the company has its headquar- 
ters. In addition to that, Mykonos chose 
an image of a butterfly as the company 
logo, with the concept of the butterfly 
effect in mind. 

Mykonos believes that one developer 
can flap his or her wings and benefit 
someone working at the other end of the 
world. "That really was what our goal 
was in Mykonos, to allow individual 
developers to have a bigger impact, 
much like the idea that the flapping of a 
butterfly's wings in one part of the world 
can cause a hurricane in another," said 
CEO David Koretz. 

We'll see if Mykonos has a big impact 
on AJAX development, or if it remains a 
caterpillar in the technology tree. 

— Jeff Feinman 

THE PARROT PROJECT IS, perhaps, 
best known as the basis of the Perl 6 
runtime, Rakudo. But after talking with 
the developers on Parrot, I'm convinced 
they're working on one of the coolest 
projects in dynamic languages out there. 
Though Parrot has been mired in 
development for more than nine years 
now, the real excitement isn't its matu- 
rity; it's the promise of having access to 
any dynamic language's libraries 
through any other dynamic language. 
That means accessing Python routines 
from a Perl program. Truly, this is a pro- 
ject to watch. 

— Alex Handy 



Interest in Ruby 
sees a boost 

The use of the Ruby scripting 
language has increased by 40% 
among North American software 
developers during the last year, 
according to Evans Data. Evans 
Data's biannual report surveyed 
over 400 North American software 
developers, the company said. 



DATA WATCH 



20% 


L 


Developers said that 


they plan to use Ruby 


in the coming year 



40% increase 

in use of Ruby among North American developers 
in 2009, compared to 2008 



14% of North American developers 

used Ruby "some part of the time" 
in 2009 

10% of North American developers 

used Ruby "some part of the time" 
in 2008 



Source: Evans Data 



www.sdtimes.com 



Software Development Times . July 15, 2009 



OPINION 



27 



The antisocial regime in enterprise IT 



The straggling vestiges of humanity 
crouch down amidst the technologi- 
cal rubble of a ruined city. The few who 
survive are hunted day and night by 
Skynet micro-turbine airborne Hunter- 
Killers. Is it the plot to the new Termi- 
nator movie? Perhaps. 

Rather, the Antisocial Regime in 
Enterprise IT has begun. 

Flying under the banner of 
"Rationalization," the new 
leadership of IT is rewarded 
for reducing headcount, con- 
solidating infrastructure and 
pulling the plug on as many 
projects as possible. IT leader- 
ship-by-Excel-spreadsheet and 
a shoot-first-ask-questions-lat- 
er mindset rule the day. 

IT thinkers collected 
together during the recent Forrester IT 
Forum to hear Dana Deasy, CIO and 
group vice president of British Petrole- 
um (formerly of General Motors), talk 
about his first 100 days on the job. By 
the end of his first year, Mr. Deasy had 
cut US$400 million dollars out of the 
annual IT budget of the fourth largest 
company on earth, including reducing 
headcount by 500 people under a radical 
regime of "IT Rationalization." 

This is not your father's IT cost- 
reduction program. Instead of opera- 
tional metrics and iterative cost reduc- 
tion, this paradigm speaks to wholesale 
rip and replace, multidivisional shut- 
downs, and a violent pace of change. 

The falcon cannot hear the falconer, 
things fall apart, the center cannot hold. 

Cost is offloaded offshore. Entire 
operations are handed over to contrac- 
tors. Experience and relationships are 
flushed out in favor of contractors who 
are cheaper to eliminate. It's easy to say 
that this is shortsighted, but CIOs are 
talking about their "first hundred days" 
and have a job life expectancy of 22 
months on average. 

DEVELOPERS ARE AFFECTED 

Developers may feel insulated from this 
IT trend, but as the business begins 
rearchitecting, business rules and busi- 
ness processes and more abstract layers 
of logic are emerging that take over 
many of the functions of software devel- 
opment. Developers need to embrace 
these tools or risk being on the wrong 
side of IT history. 

Still, there are companies who are 
fighting back to retain control of their 
architecture and IT destiny. The CIO of 
Volkswagen said, "We don't want a 
Microsoft SO A. We don't want an SAP 
SO A. We want a Volkswagen SOA." 

For these companies, the ability to 
integrate and govern both on- and off- 
premise applications and infrastructure 
will be key to their survival. Establish- 
ing a technological advantage costs 




more than having none, but those who 
retain control of their IT infrastructure 
will be at an advantage when the econ- 
omy recovers. 

For these bold stalwarts, rationaliza- 
tion actually means a process of making 
IT rational, not a code word for slash- 
and-burn antics. This means architectur- 
al reorganization around busi- 
ness services (SOA) as well as 
unification around key data 
elements such as a single view 
of customer and products 
(MDM). It means operational 
measurement and alignment 
of organizations. It means gov- 
ernance and cross-vendor 
integration. 

This is hard work. Some 
organizations will not have 
the stomach for it. It's important to 
understand which kind of company you 
are and to act accordingly. Those who try 
and succeed will be the winners. Those 
who try and fail may be worse off than 
those who did not try. 

Mere anarchy is loosed upon the 
world, the blood-dimmed tide is loosed, 
and everywhere the ceremony of inno- 
cence is drowned. 

THE STRUGGLE TO INNOVATE 

Even in the vendor landscape, innova- 
tion struggles under the yoke of global 
recession. Sun Microsystems, once a 
beacon of innovation, is being acquired 
by Oracle. Based on statements by Ora- 
cle CFO Safra Catz, analysts estimate as 
many as 10,000 jobs will be lost. 

Infrastructure is increasingly being 
sold as autonomic, self-regulating and 
self-healing. It's everything but self- 
aware. What makes it antisocial is that the 
goal of the new IT internal cloud is to 
require no human operators. This is why 
I say the cloud is "antisocial underneath." 

So, what makes me think that innova- 
tion will move into the cloud? A few 
things are obvious, such as the fact that 
the momentum behind IT innovation is 
unstoppable. Universities around the 
world crank out hundreds of thousands 
of engineers, computer scientists and 
designers. Sure, we may be facing a dra- 
matic slowdown in developed countries, 
but regions such as China, India and 
Brazil are burgeoning with new talent 
and new markets. 

A few laid-off developers will retrain 
and become masseuses. But developers 
want to develop. In my experience, if a 
developer worked on a project that failed, 
they will try to build a more successful 
version of the same project. 

This is human nature. Some of these 
attempts, unconstrained by the funding 
models, policies and inhibitory social 
environment of the enterprise, will be 
reborn in the cloud. After all, with job 
hunts for some technical staff extending 



into months and years, there's no doubt 
that IT workers seeking to stay current 
will gravitate towards experimenting 
with the likes of Amazon EC2. 

With the radical cost reductions in 
the enterprise coupled with the complex 
policy-laden model and stringent devel- 
opment life cycles to assure security and 
compliance, innovation inside the 
enterprise will be slow at best. 

PERFECT STORM OF GROWTH 

We are witnessing the convergence of 
three exponential growth curves: human 
population, available bandwidth and 
computer memory RAM. Moore's Law, 
of course, is a given. Recall that people 
are notoriously bad at understanding the 
implications of exponential change. 

So why is the cloud the most effective 
spawning ground for all of these innova- 
tors? 

1) Low cost to entry: Anyone in the 
world with a credit card can get an Ama- 
zon EC2 account and pay the eighty 
bucks a month to get access to world- 
class infrastructure. 

2) Fail early and fail often: Failed 
projects in a cloud never end up costing 
much more than the entry price. Com- 
bined with the low cost to entry, it makes 
investing in the cloud easier. 

3) Viral adoption: Successful cloud 
apps build exponential growth with a 
viable business model. 

4) Easy programming models: They 
can use PHP, Ruby, Python, Java and 
scripting approaches, but without worry 
about how they will scale to meet 
demand. 

Let's not forget the other thing that 
makes the cloud scale. The cloud is 
"social on top." Unlike cloud infrastruc- 
ture, the more people are involved in 
cloud applications, the more successful 
you are. To borrow from Daryl Plum- 
mer, VP and research fellow at Gartner, 
the cloud is animated by the four "C's" of 
content, community, collaboration and 
capabilities (services). These are the 
ingredients of human social interaction, 
the elements of what I call "The Human 
Enterprise" in my blog. 

Cloud applications are mobile and 
social because humans are. 

The winners will be the ones who 
recognize both the social and antisocial 
implications of cloud applications and 
infrastructure. It is the perfect environ- 
ment to grow the disruptive technolo- 
gies atop which the next revolution in IT 
will be built. 

And what rough beast, its hour come 
round at last, Slouches towards Bethle- 
hem to be born? 

— W.B. Yeats, The Second Coming I 

Miko Matsumura is VP and chief strate- 
gist at Software AG, and founder of the 
SOA Link Interoperability Initiative. 
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Prototyping with Processing 



Recently, I had a client who was inter- 
ested in "augmented reality" appli- 
cations. The phrase is used to describe 
applications that overlay computer-gen- 
erated imagery on a heads-up display or, 
at least, a live video feed. This type of 
thing is old hat at ACM SIGGraph but 
still pretty radical for a consumer web- 
site marketing campaign. 

Perhaps one day I'll have one of those 
clients that says, "Take your time and let 
us know what you discover. We're writing 
this development effort off as high-risk, 
high-payback research and develop- 
ment." They'll pay in pixie dust and give 
me rides on their flying horses. Until 
then, like most post-collegiate develop- 
ers, I have to be careful about embarking 
on "interesting" programming projects. 

In the case of augmented reality, suc- 
cess depends on recognizing targets with- 
in video frames. The targets take up rela- 
tively few pixels and have lower contrast 
and far more noise than in a reference 
photo. Even a plain vanilla video display 
eats up a significant amount of local 
resources, and in addition to finding the 
targets, you presumably have to, you 
know, do something with the information, 
such as reconstruct the spatial location of 
the targets, project that onto some model, 
and composite that into the output. And 



then you have to do it all over again in the 
next several dozen milliseconds. 

If you are interested in video process- 
ing, you should probably begin with 
OpenCV and, if possible, combine it with 
Intel's Integrated Performance Primitive 
libraries. Unfortunately, for various rea- 
sons this was inappropriate for my client's 
application. Strangely, this 
actually lowered my risk profile 
for the project; had I the 
advantages of object-recogniz- 
ing libraries and SIMD 
instructions, I definitely would 
have faced the risk of not prop- 
erly taking advantage of them! 

Instead, I had a straight- 
forward brick wall to get 
through: Could I reliably do 
target detection in a video 
frame? Further, I knew that the client 
would not fund the development of a 
sophisticated object- detection algorithm 
(no Viola-Jones boosted rejection cas- 
cades for me!). If I couldn't achieve the 
detection goals with a relatively simple 
algorithm, I would have too little trac- 
tion on the problem to commit to a 
schedule for the whole project. 

To investigate, I turned to Processing, 
an excellent little language that's become 
increasingly used in the field of data visu- 




alization. (Just between you and me, Pro- 
cessing is Java, not a little language at all. 
But you don't have to deal with CLASS- 
PATH issues, so that takes a lot of the 
sting away.) Processing comes with a sim- 
ple IDE that seems to be the same one 
used for Arduino programming. 

Why did I reject C++ for the proto- 
type and use Processing 
instead, when neither was 
appropriate for the final appli- 
cation? My logic was twofold: 
For all the fact that I actually 
like the C++ language, rapid 
prototyping is not really its 
forte. For another, I figured 
that if I succeeded at creating 
a C++ prototype, I still could- 
n't be sure that a version of the 
algorithm running in a brows- 
er would be sufficient. But if I had suc- 
cess with Processing, I would be pretty 
confident about performance in a man- 
aged environment. 

Logical choice or not, the ease with 
which Processing dealt with reading and 
creating images was delightful. Debug- 
ging is essentially non-existent in Process- 
ing, and there is no unit-testing frame- 
work. It actually turned out to be easier to 
write little visualizers for my search algo- 
rithms and data structures than to track 



development with println() calls. 

For markers, I was using printouts of 
two quarter-circles kissing each other 
(think "crash-test dummy"). These give 
good high-contrast edges that reverse at 
the center point, so I thought they'd be 
good signals. Sure enough, in totally 
artificial test images or when they were 
near the camera, I could pick them up 
regularly. 

Unfortunately for the client's applica- 
tion, the markers would have to be 
picked up even when they were relative- 
ly small in the frame. With webcam- 
quality video, there is a lot of noise, 
funky brightness shifts and, bluntly, 
cruddy resolution. While on any given 
frame I could tweak parameters to grab 
my markers, on another frame from the 
same source file those same parameters 
would give me false positives in some 
background contour or, vice versa, I'd 
lose the marker. 

As tempting as it was to chase it down 
the rabbit hole ("OK, we have a sliding 
window of searches over a series of 
frames, and that gives us a set of candi- 
dates..."), I concluded that I couldn't 
make a proposal to tackle this project. 
My reality's interesting enough without 
being augmented by an unproven algo- 
rithm and a hard deadline. I 

Larry O'Brien is a technology consul- 
tant, analyst and writer Read his hlog at 
www. knowing, net. 
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The need to expand open-source licensing 



< continued from page 1 

reception in large enterprises. Into the 
breach stepped the Open Source Initia- 
tive (OSI), a group of open-source 
diehards whose goal was to promote 
OSS. They recognized the need for self- 
imposed regulation, and they set about 
trying to define what "open source" 
meant as a term and what licenses fit the 
definition. In this effort, they were suc- 
cessful. 

Their second principal activity was to 
encourage companies and projects, such 
as Apache, GNU, Mozilla and others, to 
adopt core OSS licenses. This the OSI did 
spectacularly well. Few new OSS projects 
come into the world today without using 
one of the principal sanctioned licenses. 

This work contributed to the present 
situation in which OSS has lost its edgi- 
ness and is now commonly accepted by 
even conservative companies as an 
alternative business model. As the OSS 
model matures, I believe the OSI needs 
to press into new fields that it currently 
resists. In particular, I believe it needs 
to create licenses for OSS products that 
have restrictions on their use. And it 
needs to broaden its license-approval 
process. Let me explain. 

A FLAWED PROCESS 

OSI requirements of a license are nar- 
rowly defined. Among them is that no 
limitation can be placed on who can use 
the software. This appeals to the pop- 
ulist in me, but it has consequences that 
quickly become complex. For example, 
suppose somebody open-sources a game 
that has images unsuitable for minors. 
Limiting the license to users over the 
age of 18 would preclude OSI approval. 
This might appear like a strawman, but 
there are compelling parallels. 

Consider the case of Phil Zimmerman, 
who nearly went to jail for making the 
source code of this cryptography product, 
PGP, available to users outside the United 
States. Had the OSI existed then and 
Zimmerman placed a rule stating that this 
software had to be used in compliance 
with federal regulations, he would have 
run afoul of the OS Is definition of OSS. 

Because of this, there are lots of soft- 
ware out there that call themselves "open 
source" but are not made available under 
OSI-compliant licenses. To the OSI, this 
means they're not open source. To me, 
compliance with government regulations 
restricting access should not preclude the 
"open-source" appellation. 

I contacted the OSI about these exam- 
ples and was told their recommendation is 
to provide an OSS license, plus wording 
with the packaging or distribution explain- 
ing the restrictions. This solves the OSI's 
problem, but it almost certainly does not 
solve the legal problem. The only legal 



means a software vendor has of limiting its 
users is through the license, so placing 
notice of restrictions in other documents 
is unlikely to be sufficient. 

I propose that the OSI create a set of 
three limited OSS licenses that would 
allow otherwise compliant code to be 
OSS. These licenses would identify the 
limitation that precludes the plenary 
OSS license. These would be 1) some 
limitations on who can use the software; 
2) a notice that not all the software is 
open source; and 3) a limitation on the 
use of the software. 

TOP 10 OPEN-SOURCE 
LICENSES IN USE 



LICENSE 



PERCENTAGE 



GNU General Public License (GPL) 2.0 


50.06 


GNU Lesser General Public License (LGPL) 2.1 


9.63 


Artistic License (Perl) 


8.68 


BSD License 2.0 


6.32 


GNU General Public License (GPL) 3.0 


5.10 


Apache License 2.0 


3.91 


MIT License 


3.80 


Code Project Open 1.02 License 


3.35 


Mozilla Public License (MPL) 1.1 


1.25 



Microsoft Public License (MS-PL) 1.02 

Source: Black Duck Software 

I've explained the first point. The 
second is crucial for certain packages, 
such as IBM's NetRexx language, where 
there has been a longstanding demand 
to open-source it, but one closed-source 
module that IBM does not control or 
cannot open-source blocks its release. 

Why not provide a way to open-source 
the package while making clear to users 
that there is some portion that is not 
open? This license alone, I believe, would 
greatly expand the amount of OSS, as 
companies could now release source 
code without divulging trade secrets. 

The third category — limitation on 
use — is commonly seen today in the 
freeware market, where a product is 
made available at no cost for personal or 
academic use, but commercial use 
requires a license. Enabling this license 
would make available OSS products that 
today ship in binary form only. 

CONSULTING THE COMMONS 

Licenses with such defined limitations 
already exist — in the Creative Commons 
(CC). The CC offers licenses with well- 
defined limitations that are understood by 
the community. It offers only four such 
licenses: cc-attribution (you must give 
attribution to the licensor in a specified 
manner); cc-share alike (derivative works 
must use the same license); cc-noncom- 
mercial (akin to my third proposal) and 
cc-no derivative works (no modifications 
allowed). The CC points out that its 



licenses are not intended for software, 
and, if you read them, it's clear that they 
were drafted for artistic works only. In 
fact, as CC vice president Mike Linksvay- 
er points out, the CC strongly objects to 
the use of any of its licenses for software. 

However, CC-like licenses rewritten 
for software and for the narrow cate- 
gories I propose seem a sensible way to 
increase the amount of open software 
without diluting the meaning of the pre- 
sent open-source license. 

According to the OSI, the way to solve 
this problem is to use other wording for 
non-compliant releases, such as "commu- 
nity edition." This solution, while keeping 
the OSI position inviolate, however, 
merely shifts the problem to the user. In 
essence, the "community edition" 
becomes the unregulated bazaar of OSS, 
where any license terms can be specified, 
and the user is at a loss for guidance on 
license terms and what they mean. 

The situation is actually more con- 
fused than this. Most companies that 
have released non-OSI-compliant OSS 
don't use "community edition" or other 
terms; they call it open source. For 
example, LaTeX (the typesetting soft- 
ware universally used in academia) is 
open source but not OSI-compliant. 
Zimbra's massive suite of open-source 
tools are also not issued under OSI- 
approved licenses, nor are some prod- 
ucts from Yahoo. Nor are gnuplot or 
Sendmail. Yet all of them refer to their 
products as "open source." 

The OSI has no power to regulate 
them, and this powerlessness risks return- 
ing us to the bazaar. By accepting limited 
licenses, it can normalize these licenses. 

THE PROBLEMS WITH SUBMISSIONS 

A final problem: Licenses are approved 
only as the result of a submission of the 
proposed terms to the OSI. So if a prod- 
uct is released under a non-OSI license, it 
might comply with the OSI's require- 
ments, but simply not be officially 
blessed. For example, the OSI has 
approved the Apache 1.1 and 2.0 licenses, 
but not 1.0. Was 1.0 not compliant or not 
submitted? Is the LaTeX license not com- 
pliant or was it never submitted? Unless 
you do a lot of research, you can't tell. 

It's fair to say that while OSI certifi- 
cation is meaningful, the absence of it 
means very little. To avoid this, the OSI 
needs to change its licensing procedure. 

These steps will keep the OSI rele- 
vant, dramatically expand the pool of 
open source, and help users understand 
packages that are presently outside the 
OSI's purview. I 

Andrew Binstock is the principal analyst 
at Pacific Data Works. Read his hlog at 
binstock. hlogspot. com. 
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EARNINGS: Adobe Systems saw its fis- 
cal second quarter net income fall to 
US$126 million from $214.9 million in the 
same period a year earlier. Revenue for 
the quarter was $704.7 million, com- 
pared to $886.9 million reported for the 
second quarter of fiscal 2008 and 
$786.4 million reported in the first quar- 
ter of fiscal 2009. GAAP operating 
income fell to $161.4 million in the second 
quarter of fiscal 2009 from $260.2 mil- 
lion in the second quarter of fiscal 2008, 
along with $207.9 million in the fiscal 
2009 first quarter. For its third quarter of 
fiscal 2009, Adobe executives are pro- 
jecting revenue between $665 million 
and $715 million . . . Red Hat reported 
total revenue for its fiscal year 2010 first 
quarter, ended May 31, 2009, of US$174.4 
million, an increase of 11% from the year- 
ago quarter. Net income for the quarter 
was $18.5 million, compared with $17.3 
million in the same quarter a year prior. 
Non-GAAP net income for the quarter 
was $28.7 million, as compared to $26.0 
million in the same period a year prior. 
Additionally, operating cash flow totaled 
$61.2 million, as compared to $63.4 mil- 
lion in the year ago quarter. I 
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